It came to my attention today that I have a large number of user accounts expiring on 1/1/2020. Given the number, it would be best to update these en masse. I have seen a couple other posts where some folks were accomplishing this using a series of API requests / changes. However, I also came across this older sk article: sk522

Can anyone comment whether this is still a valid method on an R80.30 SMS? I'm not opposed to going the API route if necessary, but this method seems to accomplish the same thing in a single command.

In R7x, dbedit could be used for manipulating all object stored in objects_5_0.C and in other fwset files.

In R80.x, the tool is still supported, but it can manipulate only some of the objects (gateways and global properties for instance), while other objects (such as rulebase) can be managed only by the new mgmt_cli tool.

I have a followup question as I just ran this command in my test environment. It looks like this query is only returning Check Point Administrator accounts. I apologize if I wasn't clear from the beginning, these are users defined as RADIUS users for Client Authentication purposes.

I'm assuming this output is because we are querying administrators by using "show administrators". Is there an equivalent query to see non-Administrator users?

This would be users appearing under Users -> Users in the Object Explorer, for example:

So that's my misunderstanding. Your subject clearly states "All User Accounts" and has nothing to do with Administrators. 😲

There does not appear to easily display and edit the users list via the mgmt_cli command. You can export the list of users via Object Explorer in SmartConsole to review their expiration dates. If you have that information, it is possible to track down the UIDs of each user (manually) and use the generic-object API to manipulate the expiration date. This is how I handled it in my test environment.

Since this uses the generic-object API, please proceed with caution.

I created a user "usertest" in Smartconsole. Using the show object with a filter for the username as well as a select filter in JQ, I was able to retrieve the UID for the usertest user object.